NAME | SYNOPSIS | DESCRIPTION | CONFIGURATION FORMAT | CONFIGURATION DIRECTORIES AND PRECEDENCE | IDEMPOTENCE | SEE ALSO | COLOPHON

SYSUSERS.D(5)                    sysusers.d                    SYSUSERS.D(5)

NAME         top

       sysusers.d - Declarative allocation of system users and groups

SYNOPSIS         top

       /usr/lib/sysusers.d/*.conf

DESCRIPTION         top

       systemd-sysusers uses the files from sysusers.d directory to create
       system users and groups at package installation or boot time. This
       tool may be used to allocate system users and groups only, it is not
       useful for creating non-system users and groups, as it accesses
       /etc/passwd and /etc/group directly, bypassing any more complex user
       databases, for example any database involving NIS or LDAP.

CONFIGURATION FORMAT         top

       Each configuration file shall be named in the style of package.conf
       or package-part.conf. The second variant should be used when it is
       desirable to make it easy to override just this part of
       configuration.
       The file format is one line per user or group containing name, ID,
       GECOS field description and home directory:
           # Type Name ID GECOS
           u httpd 440 "HTTP User"
           u authd /usr/bin/authd "Authorization user"
           g input - -
           m authd input
           u root 0 "Superuser" /root
   Type
       The type consists of a single letter. The following line types are
       understood:
       u
           Create a system user and group of the specified name should they
           not exist yet. The user's primary group will be set to the group
           bearing the same name. The user's shell will be set to
           /sbin/nologin, the home directory to the specified home
           directory, or / if none is given. The account will be created
           disabled, so that logins are not allowed.
       g
           Create a system group of the specified name should it not exist
           yet. Note that u implicitly create a matching group. The group
           will be created with no password set.
       m
           Add a user to a group. If the user or group do not exist yet,
           they will be implicitly created.
       r
           Add a range of numeric UIDs/GIDs to the pool to allocate new UIDs
           and GIDs from. If no line of this type is specified, the range of
           UIDs/GIDs is set to some compiled-in default. Note that both UIDs
           and GIDs are allocated from the same pool, in order to ensure
           that users and groups of the same name are likely to carry the
           same numeric UID and GID.
   Name
       The name field specifies the user or group name. It should be shorter
       than 31 characters and avoid any non-ASCII characters, and not begin
       with a numeric character. It is strongly recommended to pick user and
       group names that are unlikely to clash with normal users created by
       the administrator. A good scheme to guarantee this is by prefixing
       all system and group names with the underscore, and avoiding too
       generic names.
       For m lines, this field should contain the user name to add to a
       group.
       For lines of type r, this field should be set to "-".
   ID
       For u and g, the numeric 32-bit UID or GID of the user/group. Do not
       use IDs 65535 or 4294967295, as they have special placeholder
       meanings. Specify "-" for automatic UID/GID allocation for the user
       or group. Alternatively, specify an absolute path in the file system.
       In this case, the UID/GID is read from the path's owner/group. This
       is useful to create users whose UID/GID match the owners of
       pre-existing files (such as SUID or SGID binaries).
       For m lines, this field should contain the group name to add to a
       user to.
       For lines of type r, this field should be set to a UID/GID range in
       the format "FROM-TO", where both values are formatted as decimal
       ASCII numbers. Alternatively, a single UID/GID may be specified
       formatted as decimal ASCII numbers.
   GECOS
       A short, descriptive string for users to be created, enclosed in
       quotation marks. Note that this field may not contain colons.
       Only applies to lines of type u and should otherwise be left unset,
       or be set to "-".
   Home Directory
       The home directory for a new system user. If omitted, defaults to the
       root directory. It is recommended to not unnecessarily specify home
       directories for system users, unless software strictly requires one
       to be set.
       Only applies to lines of type u and should otherwise be left unset,
       or be set to "-".

CONFIGURATION DIRECTORIES AND PRECEDENCE         top

       Configuration files are read from directories in /etc/, /run/, and
       /usr/lib/, in order of precedence. Each configuration file in these
       configuration directories shall be named in the style of
       filename.conf. Files in /etc/ override files with the same name in
       /run/ and /usr/lib/. Files in /run/ override files with the same name
       in /usr/lib/.
       Packages should install their configuration files in /usr/lib/. Files
       in /etc/ are reserved for the local administrator, who may use this
       logic to override the configuration files installed by vendor
       packages. All configuration files are sorted by their filename in
       lexicographic order, regardless of which of the directories they
       reside in. If multiple files specify the same option, the entry in
       the file with the lexicographically latest name will take precedence.
       It is recommended to prefix all filenames with a two-digit number and
       a dash, to simplify the ordering of the files.
       If the administrator wants to disable a configuration file supplied
       by the vendor, the recommended way is to place a symlink to /dev/null
       in the configuration directory in /etc/, with the same filename as
       the vendor configuration file. If the vendor configuration file is
       included in the initrd image, the image has to be regenerated.

IDEMPOTENCE         top

       Note that systemd-sysusers will do nothing if the specified users or
       groups already exist, so normally, there is no reason to override
       sysusers.d vendor configuration, except to block certain users or
       groups from being created.

SEE ALSO         top

       systemd(1), systemd-sysusers(8)

COLOPHON         top

       This page is part of the systemd (systemd system and service manager)
       project.  Information about the project can be found at 
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have a bug
       report for this manual page, see 
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.  This
       page was obtained from the project's upstream Git repository 
       ⟨https://github.com/systemd/systemd.git⟩ on 2017-07-05.  If you dis‐
       cover any rendering problems in this HTML version of the page, or you
       believe there is a better or more up-to-date source for the page, or
       you have corrections or improvements to the information in this
       COLOPHON (which is not part of the original manual page), send a mail
       to man-pages@man7.org
systemd 234                                                    SYSUSERS.D(5)

Pages that refer to this page: systemd.directives(7)systemd.index(7)systemd-sysusers(8)